Edit

Share via

Grant users access to a report server

  • Article

SQL Server 2016 (13.x) Reporting Services and later

SQL Server Reporting Services (SSRS) uses role-based security to grant users access to a report server. On a new report server installation, only users who are members of the local Administrators group can access report server content and operations. To make the report server available to other users, you must create role assignments that map user or group accounts to a predefined role that specifies a collection of tasks.

This article focuses on using the web portal to assign users to a role. This information applies to a native mode report server.

If your report server is configured for SharePoint integrated mode, you configure access from a SharePoint site by using SharePoint permissions. Permission levels on the SharePoint site determine access to report server content and operations. You must be a site administrator to grant permissions on a SharePoint site. For more information, see Grant permissions on report server items on a SharePoint site.

Prerequisites

Role types

There are two general types of roles that you can assign to users and groups:

  • Item-level roles are used to view, add, and manage report server content, subscriptions, report processing, and report history. You define item-level role assignments on the root node (the Home folder) or on specific folders or items farther down the hierarchy.

  • System-level roles grant access to site-wide operations that aren't bound to any specific item. Examples include using Report Builder and shared schedules.

The two types of roles complement each other and should be used together. For this reason, adding a user to a report server is a two-part operation. If you assign a user to an item-level role, you should also assign them to a system-level role.

When you assign a user to a role, you must select a role that's already defined. To create, modify, or delete roles, use SQL Server Management Studio. For more information, see Create, delete, or modify a role (Management Studio).

Delegate the assignment task

To delegate the task of assigning roles to other users, create role assignments that map user accounts to Content Manager and System Administrator roles. Users who have Content Manager and System Administrator permissions can add users to a report server. For more information, see Predefined roles in Reporting Services.

Add a user or group to a system role

  1. Go to the report server web portal.

  2. In the upper-right corner, select the gear icon, and then select Site settings.

    Screenshot that shows the report server web portal gear icon with its menu open. In its menu, Site settings is highlighted.

  3. Under Site settings, select Security.

  4. Select Add group or user.

    Screenshot that shows the report server web portal Security page. Add group or user is highlighted.

  5. For Group or user, enter a Windows domain user or group account in the following format: <domain>\<account>.

    Screenshot that shows the Add group or user section of the report server web portal Security page. The Add group or user field is highlighted.

    Note

    If you're using forms authentication or custom security, specify the user or group account in the format that's correct for your deployment.

  6. Select a system role, and then select OK.

    Roles are cumulative, so if you select System Administrator and System User, the user or group can perform the tasks in both roles.

  7. Repeat these steps to create assignments for more users or groups.

Add a user or group to an item role

  1. Go to the report server web portal and locate the report item for which you want to add a user or group.

  2. On the report item, select the ellipsis to open the More info menu, and then select Manage.

    Screenshot of the web portal that shows a report item with its ellipsis highlighted and the More info menu open, with Manage highlighted.

  3. Under Manage, select Security.

  4. If the report item currently inherits security settings from a parent item, take the following actions. Otherwise, go to the next step.

    1. On the toolbar, select Customize security.
    2. Confirm that you want to change the security settings.

  5. Select Add group or user.

    Screenshot of the report server web portal that shows the Security page of a report item. Add group or user is highlighted.

  6. For Group or user, enter a Windows domain user or group account in the following format: <domain>\<account>. If you're using forms authentication or custom security, specify the user or group account in the format that's correct for your deployment.

    Screenshot of the report server web portal that shows the New role page of a report item. The Group or user field is highlighted.

  7. Select one or more role definitions that describe how the user or group should access the item, and then select OK.

  8. Repeat these steps to create assignments for more users or groups.

Related content